(54) Title: DIGITAL VIDEO CONTENT TRANSMISSION CIPHERING AND DECIPHERING METHOD AND APPARATUS



(57) Abstract: A video source device generates a session key for each
transmission session wherein a multi-frame video content is to be transmitted to
a video sink device. The video source device uses the session key to generate a
successive number of frame keys. The frame keys in turn are used to generate
corresponding pseudo random bit sequences for ciphering the corresponding frames
to protect the video content from unauthorized copying during transmission. The
video sink device practices a complementary approach to decipher the received
video content. In one embodiment, both devices are each provided with an
integrated block/stream cipher to practice the transmission protection method.

Digital Video Content Transmission Ciphering And Deciphering Method And Apparatus

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to the field of content protection. More 
specifically, the present invention addresses the provision of protection to digital 
video content to facilitate their secure transmission from a video source device to 
a video sink device. 

2. Background Information 

In general, entertainment, education, art, and so forth (hereinafter
collectively referred to as "content") packaged in digital form offer higher audio
and video quality than their analog counterparts. However, content producers,
especially those in the entertainment industry, are still reluctant to totally
embrace the digital form. The primary reason is that digital content is
particularly vulnerable to pirating. Unlike the analog form, where some
amount of quality degradation generally occurs with each copying, a pirated copy
of digital content is virtually as good as the "gold master". As a result, much
effort has been spent by the industry in developing and adopting techniques to
provide protection to the distribution and rendering of digital content.

Historically, the communication interface between a video source device 
(such as a personal computer) and a video sink device (such as a monitor) is an 
analog interface. Thus, very little focus has been given to providing protection for 
the transmission between the source and sink devices. With advances in 
integrated circuit and other related technologies, a new type of digital interface 
between video source and sink devices is emerging. The availability of this type 
of new digital interface presents yet another new challenge to protecting digital 

Figure 5 illustrates the combined block/stream cipher of Fig. 4 in further
detail, in accordance with one embodiment; 

Figure 6 illustrates the block key section of Fig. 5 in further detail, in 
accordance with one embodiment; 

Figure 7 illustrates the block data section of Fig. 5 in further detail, in 
accordance with one embodiment; and 

Figures 8a-8c illustrate the stream data section of Fig. 5 in further detail, 
in accordance with one embodiment. 

DETAILED DESCRIPTION OF THE INVENTION 

In the following description, various aspects of the present invention will be 
described, and various details will be set forth in order to provide a thorough 
understanding of the present invention. However, it will be apparent to those 
skilled in the art that the present invention may be practiced with only some or all 
aspects of the present invention, and the present invention may be practiced 
without the specific details. In other instances, well known features are omitted or 
simplified in order not to obscure the present invention. 

Various operations will be described as multiple discrete steps performed in 
turn in a manner that is most helpful in understanding the present invention. 
However, the order of description should not be construed as to imply that these 
operations are necessarily performed in the order they are presented, or even 
order dependent. Lastly, repeated usage of the phrase "in one embodiment" does 
not necessarily refer to the same embodiment, although it may. 

Referring now to Figure 1, wherein a block diagram illustrating an 
overview of the present invention, in accordance with one embodiment is shown. 
As illustrated, video source device 102 and video sink device 104 are coupled to 
each other by digital video link 106. Video source device 102 provides video 
content to video sink device 104 through digital video link 106. In accordance 

203). Upon exchanging the above information, source and sink devices 102 and
104 independently generate their respective copies of an authentication key (Km) 
using Ak and Bk (block 204 and 205). For the illustrated embodiment, source 
device 102 generates its copy of Km by summing private keys of its provided 
array indexed by Bk, while sink device 104 generates its copy of Km by summing 
private keys of its provided array indexed by Ak. At this time, if both source and 
sink devices 102 and 104 are authorized devices, they both possess and share a 
common secret authentication key Km. 

In one embodiment, each of source and sink devices 102 and 104 is pre- 
provided with an array of 40 56-bit private keys by the certification authority. An 
is a 64-bit random number, and Km is 56-bit long. For more information on the 
above described authentication process, see co-pending U.S. Patent Application, 
serial number 09/275,722, filed on March 24, 1999, entitled Method and 
Apparatus for the Generation of Cryptographic Keys, having common 
inventorship as well as assignee with the present application. 

Having authenticated sink device 104, source device 102 ciphers video 
content into a ciphered form before transmitting the video content to sink device 
104. Source device 102 ciphers the video content employing a symmetric 
ciphering/deciphering process, and using the random number (An) as well as the 
independently generated authentication key (Km) (block 206). Upon receipt of 
the video content in ciphered form, sink device 104 deciphers the ciphered video 
content employing the same symmetric ciphering/deciphering processing, and 
using the provided An as well as its independently generated copy of Km (block 
207). 

In accordance with the present invention, as an integral part of ciphering 
video content, source device 102 derives a set of verification reference values in 
a predetermined manner (block 208). Likewise, as an integral part of 
symmetrically deciphering video content, sink device 104 also derives a set of
verification values in a predetermined manner, and transmits these derived 
verification values to source device 102 (block 209). Upon receiving each of 

Upon generating the session key Ks, source device 102 generates an
initial version of a second random number (M0) (block 304). For the illustrated
embodiment, source device 102 first generates a pseudo random bit sequence 
(at p-bit per clock) using a stream cipher with the above described random 
number An and the session key Ks (in two roles, as another input random 
number and as the stream cipher key), applying C2 clocks. Source device 102 
derives M0 from the pseudo random bit sequence, as the bit sequence is 
generated. 

Next, source device 102 generates a frame key (Ki) for the next frame 
(block 306). For the illustrated embodiment, Ki is generated by block ciphering 
an immediately preceding version of the second random number Mi-1 using the
session key Ks as the block cipher key, and applying C3 clocks. That is, for the 
first frame, frame-1, frame key K1 is generated by block ciphering the above 
described initial version of the second random number M0, using Ks, and 
applying C3 clocks. Additionally, this operation is subsequently repeated at each 
vertical blanking interval for the then next frame, frame-2, frame-3, and so forth. 

Upon generating the frame key Ki, source device 102 generates the 
current version of the second random number (Mi) (block 302). For the 
illustrated embodiment, source device 102 first generates a pseudo random bit 
sequence (at p-bit per clock) using a stream cipher with the previous version of 
the second random number Mi-1 and the frame key Ki (in two roles, as another
input random number and as the stream cipher key), applying C4 clocks. Source 
device 102 derives Mi from the pseudo random bit sequence, as the bit 
sequence is generated. 

Upon generating the current version of the second random number Mi, 
source device 102 again generates a pseudo random bit sequence (at p-bit per 
clock) to cipher the frame (block 308). For the illustrated embodiment, source 
device 102 generates the pseudo random bit sequence using a stream cipher 
with an immediately preceding version of the second random number Mi-1 and
frame key Ki (in two roles, as another input random number and the stream 

are 56 clocks in length. Each 64-bit Mi is formed by concatenating the "lower"
16-bit stream cipher output of each of the last four clocks.

Accordingly, video content may be advantageously transmitted in ciphered 
form with increased robustness from source device 102 to sink device 104 
through link 106 with reduced pirating risk. 
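
The key hierarchy described above (Ks, then M0, then a frame key Ki and a random number Mi for each frame), as an added example that is not code from the patent: HMAC-SHA256 and SHA-256 stand in for cipher 110's block and stream modes, and the clock counts, the 56-bit key width and the order in which the four 16-bit pieces are concatenated are assumptions. Rekeying at horizontal blanking intervals is left out.

```python
import hashlib
import hmac
from itertools import islice

# Constructed parameters: the text names clock counts C2 and C4 but this
# excerpt does not give their values; the 56-bit key width is assumed from
# the 56-bit Km.
C2_CLOCKS = 56
C4_CLOCKS = 56
KEY_BYTES = 7   # 56-bit Ks / Ki (assumption)
M_BYTES = 8     # 64-bit An / Mi (from the text)


def block_mode(key: int, data: int) -> int:
    """Stand-in for cipher 110 in block mode (HMAC-SHA256, not the patent's rounds)."""
    mac = hmac.new(key.to_bytes(KEY_BYTES, "big"),
                   data.to_bytes(M_BYTES, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:KEY_BYTES], "big")


def stream_mode(key: int, rnd: int):
    """Stand-in for stream mode: yields one 24-bit word per clock."""
    seed = key.to_bytes(KEY_BYTES, "big") + rnd.to_bytes(M_BYTES, "big")
    clock = 0
    while True:
        word = hashlib.sha256(seed + clock.to_bytes(4, "big")).digest()[:3]
        yield int.from_bytes(word, "big")
        clock += 1


def derive_m(stream, clocks: int) -> int:
    """Run `clocks` clocks; M = lower 16 bits of each of the last four outputs."""
    last_four = list(islice(stream, clocks))[-4:]
    m = 0
    for word in last_four:  # concatenation order is an assumption
        m = (m << 16) | (word & 0xFFFF)
    return m


class LinkEndpoint:
    """One side of link 106; source and sink run the identical schedule."""

    def __init__(self, ks: int, an: int):
        self.ks = ks
        # M0: stream cipher keyed with Ks, with An as the input random number.
        self.m_prev = derive_m(stream_mode(ks, an), C2_CLOCKS)
        self.frame_keys = []

    def process_frame(self, pixels):
        """Cipher or decipher one frame of 24-bit pixels (XOR is symmetric)."""
        ki = block_mode(self.ks, self.m_prev)   # Ki from M(i-1) under Ks
        stream = stream_mode(ki, self.m_prev)   # keyed with Ki, input M(i-1)
        m_i = derive_m(stream, C4_CLOCKS)       # Mi for the next frame
        # Assumption: the pixel keystream continues the same run after Mi.
        out = [p ^ w for p, w in zip(pixels, stream)]
        self.frame_keys.append(ki)
        self.m_prev = m_i
        return out


def demo():
    ks, an = 0x00A1B2C3D4E5F6, 0x0123456789ABCDEF      # constructed values
    frame = [0x102030, 0x405060, 0x708090, 0xA0B0C0]   # constructed pixels
    source, sink = LinkEndpoint(ks, an), LinkEndpoint(ks, an)
    rogue = LinkEndpoint(ks ^ 1, an)                    # sink without the right Ks
    sent = [source.process_frame(frame) for _ in range(3)]  # same picture, 3 frames
    received = [sink.process_frame(c) for c in sent]
    garbage = [rogue.process_frame(c) for c in sent]
    return frame, sent, received, garbage, source.frame_keys, sink.frame_keys


if __name__ == "__main__":
    frame, sent, received, garbage, src_keys, _ = demo()
    print("frame keys:", [f"{k:014x}" for k in src_keys])
    print("sink recovered every frame:", all(r == frame for r in received))
    print("wrong-Ks endpoint recovered any frame:", any(g == frame for g in garbage))
```

Sending the same picture three times yields three different ciphertexts because each frame gets its own Ki and Mi, and an endpoint holding a different Ks never gets back in step.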

Figure 4 illustrates video source and sink devices of Fig. 1 in further 
detail, in accordance with one embodiment. As shown, video source and sink 
devices 102 and 104 include interfaces 108a and 108b disposed at the 
respective end of link 106. Each of interfaces 108a and 108b is advantageously 
provided with cipher 110 of the present invention and XOR 112 to practice the 
video content protection method of the present invention as described above. 
Additionally, for ease of explanation, interface 108a is also shown as having 
been provided with a separate random number generator 114. Except for 
interfaces 108a and 108b, as stated earlier, video source and sink devices 102 
and 104 are otherwise intended to represent a broad category of these devices 
known in the art. 

Random number generator 114 is used to generate the earlier described 
random number An. Random number generator 114 may be implemented in 
hardware or software, in any one of a number of techniques known in the art. In 
alternate embodiments, as those skilled in the art will appreciate from the 
description to follow, cipher 110 may also be used to generate An, without the
employment of a separate random number generator. 

Cipher 110 is a novel combined block/stream cipher capable of operating 
in either a block mode of operation or a stream mode of operation. To practice 
the video content protection method of the present invention, cipher 110 is used 
in block mode to generate the above described session key Ks and frame keys 
Ki, and in stream mode to generate the pseudo random bit sequences for the 
various frames (and indirectly Mi, as they are derived from the respective bit 
sequences). 

intermediate "keys", which are stored away (in storage locations not shown). The
stored intermediate "keys" are then applied to the ciphered text in reversed order, 
resulting in the deciphering of the ciphered text back into the original plain text. 
Another approach to deciphering the ciphered text will be described after block 
key section 502 and data section 504 have been further described in accordance 
with one embodiment each, referencing Figs. 6-7. 

In stream mode, stream key section 506 is provided with a stream cipher 
key, such as the earlier described session key Ks or frame key Ki. Block key 
section 502 and data section 504 are provided with random numbers, such as 
the earlier described session/frame keys Ks/Ki and the derived random numbers 
Mi-1. "Rekeying enable" signal is set to an "enabled" state, operatively coupling
block key section 502 to stream key section 506. Periodically, at predetermined 
intervals, such as the earlier described horizontal blanking intervals, stream key 
section 506 is used to generate one or more data bits to dynamically modify the 
then current state of the random number stored in block data section 502. 
During each clock cycle, in between the predetermined intervals, both random 
numbers stored in block key section 502 and data section 504 are transformed. 
The random number provided to block key section 502 is independently 
transformed, whereas transformation of the random number provided to data 
section 504 is dependent on the transformation being performed in block key 
section 502. Mapping block 506 retrieves a subset each, of the newly 
transformed states of the two random numbers, and reduces them to generate 
one bit of the pseudo random bit sequence. Thus, in a desired number of clock 
cycles, a pseudo random bit sequence of a desired length is generated. 

For the illustrated embodiment, by virtue of the employment of the 
"rekeying enable" signal, stream key section 506 may be left operating even 
during the block mode, as its outputs are effectively discarded by the "rekeying 
enable" signal (set in a "disabled" state). 

Again, substitution boxes 604 and linear transformation unit 606 may be
implemented in a variety of ways in accordance with well known cryptographic 
principles. 

In one implementation for the above described embodiment, each register
602a, 602b, 602c, 702a, 702b, 702c is 28-bit wide. [Whenever registers 602a-602c
or 702a-702c are collectively initialized with a key value or random number
less than 84 bits, the less than 84-bit number is initialized to the lower order bit
positions with the higher order bit positions zero filled.] Additionally, each set of
substitution boxes 604 or 704 is constituted with seven 4 input by 4 output
substitution boxes. Each linear transformation unit 606 or 706 produces 56
output values by combining outputs from eight diffusion networks (each
producing seven outputs). More specifically, the operation of substitution boxes
604/704 and linear transformation unit 606/706 is specified by the four tables to
follow. For substitution boxes 604/704, the Ith input to box J is bit I*7+J of
register 602a/702a, and output I of box J goes to bit I*7+J of register 602c/702c.
[Bit 0 is the least significant bit.] For each diffusion network (linear transformation
unit 606 as well as 706), the inputs are generally labeled I0-I6 and the outputs
are labeled O0-O6. The extra inputs for each diffusion network of the linear
transformation unit 706 are labeled K0-K6.

(continued in Table IV).

combiner function 804, coupled to each other as shown. LFSRs 802 are
collectively initialized with a stream cipher key, e.g. earlier described frame key 
Ki. During operation, the stream cipher key is successively shifted through 
LFSRs 802. Selective outputs are taken from LFSRs 802, and combiner function 
804 is used to combine the selective outputs. In stream mode (under which, 
rekeying is enabled), the combined result is used to dynamically modify a then 
current state of a block cipher key in block key section 502. 

For the illustrated embodiment, four LFSRs of different lengths are 
employed. Three sets of outputs are taken from the four LFSRs. The 
polynomials represented by the LFSR and the bit positions of the three sets of 
LFSR outputs are given by the table that follows:

Table V - Polynomials of the LFSR and tap positions


The combined result is generated from the third set of LFSR outputs, 
using the first and second set of LFSR outputs as data and control inputs 
respectively to combiner function 802. The third set of LFSR outputs are 
combined into a single bit. In stream mode (under which, rekeying is enabled), 

Referring now back to Figure 5, as illustrated and described earlier,
mapping function 508 generates the pseudo random bit sequence based on the 
contents of selected registers of block key section 502 and data section 504. In 
one embodiment, where block key section 502 and data section 504 are 
implemented in accordance with the respective embodiments illustrated in Fig. 6- 
7, mapping function 508 generates the pseudo random bit sequence at 24-bit per 
clock based on the contents of registers (Ky and Kz) 602b-602c and (By and Bz) 
702b-702c. More specifically, each of the 24 bits is generated by performing the 
XOR operation on nine terms in accordance with the following formula: 

(B0 • K0) ⊕ (B1 • K1) ⊕ (B2 • K2) ⊕ (B3 • K3) ⊕ (B4 • K4) ⊕ (B5 • K5) ⊕ (B6 • K6)
⊕ B7 ⊕ K7

Where "⊕" represents a logical XOR function, "•" represents a logical AND
function, and the input values B and K for the 24 output bits are

CLAIMS

What is claimed is:

1. In a video source device, a method comprising:

generating a session key for a transmission session within which a
multi-frame video content is to be transmitted to a video sink device; and

generating a successive number of frame keys, using at least the session
key, to facilitate ciphering of corresponding frames of the multi-frame video
content for transmission to the video sink device.

2. The method of claim 1, wherein said generating of successive frame keys
comprises generating at each vertical blanking interval of said multi-frame video
content, a frame key for ciphering a frame of said multi-frame video content.

3. The method of claim 2, wherein said method further comprises generating
a pseudo random bit sequence for each frame, using at least the corresponding
frame key, for ciphering the particular frame of said multi-frame video content.

4. The method of claim 3, wherein each of said generating of a pseudo
random bit sequence using a corresponding frame key comprises successive
modifications of the corresponding frame key.

5. The method of claim 4, wherein said successive modifications of the
corresponding frame key are performed at horizontal blanking intervals of the
frame.

6. The method of claim 3, wherein said method further comprises generating
an initial pseudo random bit sequence using at least the session key and
deriving an initial pseudo random number from the initial pseudo random bit
sequence to be used with a first frame key to generate a first pseudo random bit
sequence to cipher a first frame.

7. The method of claim 3, wherein each of said generating of a pseudo
random bit sequence comprises generating sufficient number of pseudo random
bits for ciphering a pixel on a bit-wise basis each clock.

8. In a video source device, a method comprising:

generating a frame key for each frame of a multi-frame video content; and

generating a pseudo random bit sequence for each of the corresponding
frames, using at least the corresponding frame key, for ciphering the video
content.

9. The method of claim 8, wherein said generating of a frame key for each
frame comprises generating one frame key at each vertical blanking interval of
said multi-frame video content.

17. The apparatus of claim 13, wherein the block cipher comprises a first and
a second register to store a first and a second value, and a function block
coupled to the first and second registers to transform the stored first and second
values, with a selected one of the transformed first and second values being the
session key or a frame key.

18. The apparatus of claim 17, wherein the block cipher is an integral part of
said stream cipher.

19. In a video sink device, a method comprising:

generating a session key for a reception session within which a
multi-frame video content is to be received from a video source device; and

generating a successive number of frame keys, using at least the session
key, to facilitate deciphering of corresponding frames of the multi-frame video
content received from the video source device.

20. The method of claim 19, wherein said generating of successive frame
keys comprises generating at each vertical blanking interval of said multi-frame
video content, a frame key for deciphering a frame of said multi-frame video
content.

21. The method of claim 20, wherein said method further comprises
generating a pseudo random bit sequence for each frame, using at least the
corresponding frame key, for deciphering the particular frame of said multi-frame
video content.

22. The method of claim 21, wherein each of said generating of a pseudo
random bit sequence using a corresponding frame key comprises successive
modifications of the frame key.

23. The method of claim 22, wherein said successive modifications are
performed at horizontal blanking intervals of the frame.

24. The method of claim 21, wherein said method further comprises
generating an initial pseudo random bit sequence using at least the session key
and deriving an initial pseudo random number from the initial pseudo random bit
sequence to be used with the first frame key to generate a first pseudo random
bit sequence to cipher a first frame.

25. The method of claim 21, wherein each of said generating of a pseudo
random bit sequence comprises generating sufficient number of pseudo random
bits for deciphering a pixel on a bit-wise basis each clock.

26. In a video sink device, a method comprising:

generating a frame key for each frame of a multi-frame video content
received from a video source device; and

34. The apparatus of claim 32, wherein the stream cipher further comprises a
first function block coupled to the register to successively transform a stored
frame key, and a second function block coupled to the register to generate the
pseudo random bit sequence for the corresponding frame using a selected
subset of each of the transformed states of the frame key.

35. The apparatus of claim 31, wherein the block cipher comprises a first and
a second register to store a first and a second value, and a function block
coupled to the first and second registers to successively transform the stored first
and second values, with a selected one of the transformed first and second
values being the session key or a frame key.

36. The apparatus of claim 35, wherein the block cipher is an integral part of
said stream cipher.



WO 01/17251    PCT/US00/22785

[Drawing sheets 1/5 through 5/5. Only the labels listed below survive from the figures.]

FIG. 1: video source device 102, link 106, video sink device 104.

FIG. 2: video source device 102 (generate An, send An & Ak; generate Km; cipher & send video; generate verification reference values; verify stability of symmetrical deciphering) and video sink device 104 (reply with Bk; generate Km; decipher & render video; generate verification values; send verification values).

FIG. 4: video source device 102 with interface and RNG 114; video sink device 104.

FIG. 5: stream key section 506, data section 504, block key section 502, mapping section, rekeying enable, pseudo random bit sequence.

FIG. 6: block key section, registers 602a-602c.

FIG. 7: data section, registers 702a-702c, S-box 704, linear transformation 706.

FIGS. 8a-8c: combiner function with data and control inputs; LFSR0-LFSR3, taps 0-2; 1-bit register and 2:1 data selector.






